Damn Vulnerable iOS Application (DVIA)

A vulnerable app to test your iOS Penetration Testing Skills

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals, and students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following the OWASP Top 10 Mobile Risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on iOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 8.1. DVIA is "free for personal use" and can be downloaded from here!

About

Damn Vulnerable iOS Application was born from the need to have a tool where a user can test their iOS penetration testing skills in a safe and legal environment. Also, this application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security.

Vulnerabilities and Challenges Include …

Insecure Data Storage

Jailbreak Detection

Runtime Manipulation

Piracy Detection

Sensitive information in memory

Transport Layer Security (http, https, cert pinning)

Client Side Injection

Information Disclosure

Broken Cryptography

Security Decisions via Untrusted input

Side channel data leakage

Application Patching

All these vulnerabilities and their solutions have been tested up to iOS 8.1.

The app also contains a section on iOS Application Security Tutorials for those who want to learn iOS Application Pentesting. Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

This app will only run on devices running iOS 7 or later. Users can download the source code and run the application on previous versions of iOS as well.

Get Started

Here is a tutorial on how to get started with Damn Vulnerable iOS App.

Learn

I have written a blog series on iOS Application Security. The complete list of tutorials can be found below.

Solutions

While we have made available several free resources for learning iOS security, we have also made a solutions guide for the challenges in the application. This set of comprehensive guides is available at a cost of $19. To get an idea of what the solutions look like, you can download a free version that covers solutions for a couple of challenges. Once you buy these solutions, you are entitled to receive solutions for any new challenges that are added in future versions of this application. The proceeds from this purchase support the DVIA project and give us dedicated time to improve the application, add new challenges, etc.